Companies collect data related to individuals for various purposes. For example, companies may require a person to provide certain personal information to provide services, complete transactions, target advertising, accept job applications, and hire employees. In some cases, with or without the person's approval, companies share data with other entities such as affiliates or third parties to create efficiencies, increase accuracy in the data, and provide a better overall experience for the customer.
In recent years, businesses have set standards and entered into contracts that set or outline obligations and restrictions, and legislators have enacted various laws and regulations relating to accessing or sharing data, due in part to concerns about privacy and identity theft. The various laws, contracts, and regulations governing data sharing can apply separately or in concert, increasing complexity, making it difficult to determine what data may be accessed or shared, and if the data may be accessed or shared, under what circumstances it is legal or appropriate. Additionally, the consequences for violating the standards or regulations may be high. For example, allowing access to such information illegally or inappropriately may result in potential liability or civil fines, disparaged reputation, customer dissatisfaction, and loss of business. Therefore, instead of risking noncompliance with the law or business standards, many companies choose not to share data, even when circumstances permit allowing access under the governing standards or regulations. An additional burden for companies is demonstrating to officials that any data shared with or accessed by affiliates or third parties complies with the applicable regulations or standards.